The ability to accept payment methods like credit cards is practically a requirement in business, but it also comes with certain responsibilities. As a company, you have to make sure that you are using customer information in a way that guarantees, to the best of your ability, that the data won’t fall into the wrong hands. The Payment Card Industry Data Security Standard (PCI DSS) sets standards to prevent such vulnerabilities. Let’s take a look at PCI DSS compliance.
What Is PCI DSS Compliance?
PCI DSS is a set of requirements that govern the way your company stores customer card information and processes card-based payments; being compliant means meeting those requirements. The standard was created through a joint effort between American Express, Discover, JCB, MasterCard, and Visa. Any business that accepts credit card payments needs to be PCI DSS compliant.
Any company that accepts credit card payments may be asked to prove that it is in compliance with the PCI DSS requirements. The PCI Security Standards Council (PCI SSC) sets the requirements, but the actual enforcement falls to the payment brands and acquirers.
The 6 Main Requirements
For PCI DSS compliance, you will need to follow the standards set by the PCI SSC. There are six basic areas of PCI DSS compliance requirements:
Secure Network
The first step is to build a secure network. You can do this by installing a firewall that protects cardholder information. In addition, you will want to take practical steps, like changing vendor-supplied default usernames and passwords to something more secure and less easily guessed.
Protect Cardholder Data
Next, protect the cardholder data itself: stored cardholder information within the payment gateway must be safeguarded so that it is not exposed, and whenever cardholder data is transmitted through the payment gateway, you will need to encrypt it.
Maintain the Network
Of course, setting up these standards is not enough; you will also need to maintain them. Using anti-virus programs and taking other steps to keep data secure, such as changing passwords regularly, will help you do that.
Limit Access
Next, make sure that people must enter unique usernames and passwords to gain access to cardholder data, and that only those people who absolutely need access are able to view that information. Also, restrict any physical access to credit card data.
Monitor System
You will also need to monitor your system. Pay attention to who logs into the cardholder data network and confirm the reasons why those individuals gained access. You should test your firewall and security systems regularly as well.
Create a Policy
Finally, you will need to create an information security policy for your employees as well as for any contractors or third parties who might have access to your files.
Consequences of PCI DSS Non-Compliance
The consequences of not being PCI DSS compliant can be steep. PCI non-compliance fees are often as high as $30 each month, but can go much higher, even up to $100. Plus, you can be held liable if someone does gain access to your customers' credit card information. Luckily, there is an easier way.
When you use a company like PaymentVision to process your credit cards, you don’t have to worry about PCI DSS compliance, because we do it for you. It’s one less thing for you to worry about — and it saves you the cost of non-compliance fees.
If your company accepts credit cards, you need to make sure that your payment processing is PCI DSS compliant. Meeting these standards can take some work, but you only have to meet them if you process credit card payments.
See the original version of this article on PaymentVision.